Legal

Privacy Policy

Effective date: April 2026

The Echo of the Sea respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains what data we collect through this website, how we use it, which third-party services we use, and what rights you have in relation to your personal data.

1. Who we are

The controller responsible for this website and for the processing of your personal data is:

I HAVE A DREAM ΙΚΕ

Ariadnis 25, 71202, Heraklion, Crete

Email: hello@theechoofthesea.com

Tel / WhatsApp: +30 697 540 0009

If you have any questions about this Privacy Policy or about how your data is handled, you may contact us using the details above.

2. What personal data we collect

We may collect and process the following categories of personal data:

  • your name
  • your email address
  • your phone or WhatsApp number
  • the contents of your enquiry or message
  • technical data such as IP-related information, browser type, device information, pages visited, interactions, and similar usage data
  • cookie and consent preference data
  • security and anti-bot verification data where required to protect the website and forms

3. How we collect your data

We collect personal data when:

  • you submit an enquiry through the contact form
  • you contact us by email, telephone, or WhatsApp
  • you browse and interact with the website
  • you accept or reject cookies through the consent tool
  • website analytics, usability, or security technologies are activated in accordance with your settings or where strictly necessary

4. Why we use your data

We use your personal data for the following purposes:

  • to respond to your enquiries
  • to assist with booking or stay-related requests
  • to communicate with you regarding your interest in the villa
  • to operate, maintain, and improve the website
  • to understand how visitors use the website
  • to analyse usability and improve user experience
  • to protect the website, forms, and visitors against spam, abuse, and malicious traffic
  • to comply with legal obligations

5. Legal bases for processing

Depending on the circumstances, we process your data on one or more of the following legal bases:

  • to take steps at your request before entering into a contract, for example when you contact us about availability or your stay
  • our legitimate interests, such as operating the website, protecting it against abuse, and handling communications
  • your consent, where required, especially for non-essential analytics, behavioural, or similar cookies and technologies
  • compliance with legal obligations, where applicable

6. Contact form and communications

When you submit an enquiry through our contact form, or contact us by email, telephone, or WhatsApp, we use the information you provide in order to respond to your enquiry and assist with your request.

This may include your name, contact details, and the content of your message.

Please do not send sensitive personal data through the contact form unless it is strictly necessary.

7. Google Analytics

We use Google Analytics 4 to understand how visitors use our website and to improve performance and user experience.

Google Analytics may collect information such as:

  • pages viewed
  • approximate location
  • device and browser information
  • referral source
  • interactions with website content
  • usage and event data

Where required by law, Google Analytics is used only on the basis of your consent.

We do not use Google Signals or Google Ads advertising features in Google Analytics.

8. Hotjar

We use Hotjar to better understand how visitors use the website and to improve usability, layout, and user experience.

Hotjar may collect information such as:

  • pages visited
  • clicks, taps, scrolling, and navigation behaviour
  • device type, browser, screen size, and general interaction patterns
  • heatmap and session insight data

Where required by law, Hotjar is used only on the basis of your consent.

9. Cloudflare Turnstile / CAPTCHA protection

We use Cloudflare Turnstile or similar CAPTCHA and security technology to help protect our website and forms from spam, bots, and abusive automated activity.

This service may process technical and interaction-related data necessary to determine whether a visitor is a legitimate human user and to maintain website security.

We use this technology in order to protect the integrity, availability, and security of the website and the contact form.

10. Cookies and consent

Our website may use cookies and similar technologies for:

  • essential website functionality
  • security and abuse prevention
  • analytics and performance measurement
  • user experience improvement

Non-essential cookies or similar technologies, including those related to analytics and behavioural insights, are used only where required and only in accordance with your consent choices.

You can manage your cookie preferences through the cookie banner or settings tool available on the website. For more detailed information, please read our Cookie Policy.

11. Third-party service providers

We may share data, where necessary, with trusted service providers that support the operation of the website and our communications, including providers such as:

  • Google Analytics
  • Hotjar
  • Cloudflare
  • website hosting providers
  • technical developers or maintenance providers
  • communications or email providers

These providers may process data on our behalf or as separate controllers depending on the service and the context.

We do not sell your personal data.

12. International transfers

Some of the service providers we use may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we take appropriate steps to ensure such transfers are protected in accordance with applicable data protection law, including the use of appropriate safeguards where required.

13. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected.

As a general rule:

  • contact and enquiry data may be kept for up to 2 years after the last relevant communication, unless longer retention is necessary for legal, tax, or dispute-related reasons
  • analytics and technology-related data is retained according to the configuration of the relevant tools and providers and your consent choices where applicable

14. Your rights

Under applicable data protection law, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate data
  • request deletion of your data
  • request restriction of processing
  • object to certain processing
  • request data portability where applicable
  • withdraw your consent at any time where processing is based on consent
  • lodge a complaint with the competent supervisory authority

If you wish to exercise any of your rights, please contact us at hello@theechoofthesea.com.

15. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, misuse, loss, disclosure, or alteration.

However, no internet-based system can be guaranteed to be completely secure.

16. Third-party links

This website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies separately.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Any updated version will be posted on this page with a revised effective date.

18. Contact

If you have any questions about this Privacy Policy or about how your personal data is handled, please contact:

hello@theechoofthesea.com

+30 697 540 0009